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WHAT IS CLAIMED IS: 



1 1. A method of operating a communications system 

2 including an edge router, the method comprising: 

3 operating said edge router to perform the steps of: 

4 generating, in a forwarding table, a MAC address 

5 forwarding table entry from a MAC address included in a 

6 headers of a frame received by said edge router; 

7 monitoring a commutations session between a 

8 device on a network which uses MAC addresses with a server 

9 responsible for assigning IP addresses to detect assignment 

10 of an IP address corresponding to a MAC address provided in 

11 a data portion of a message from said device; and 

12 upon detecting assignment of an IP address 

13 corresponding to a MAC address provided in a data portion 

14 of said message, creating an entry in an address resolution 

15 table associating an assigned IP address with said MAC 

16 address provided in the data portion of said message. 

1 2. The method of claim 1, further comprising: 

2 discarding IP packets corresponding to IE addresses 

3 for which a MAC address included in said address resolution 

4 table does not have a corresponding MAC address entry in 

5 said MAC address forwarding table. 

1 3. The method of claim 2, wherein Address Resolution 

2 Protocol is not used by said edge router. 

1 4. The method of claim 3, further comprising: 
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2 storing in said address resolution table aging 

3 information obtained from monitoring information associated 

4 with said IP address assignment. 

1 5. The method of claim 4, further comprising; 

2 operating said edge router to monitor for IP address 

3 release messages transmitted from said network to the 

4 server responsible for assigning IP addresses; and 

5 deleting, in response to detecting an IP address 

6 release message, an entry in said address forwarding table 

7 corresponding to an IP addresses included in said detected 

8 IP address release message. 

1 6. The method of claim 5, further comprising; 

2 operating said edge router to compare a MAC address 

3 included in the data portion of an IP address assignment 

4 request message to a MAC address included in the header of 

5 said IP address assignment request message. 

1 7. The method of claim 6, further comprising; 

2 generating a security alert signal in response to 

3 detecting a mismatch between the MAC address included in 

4 the data portion of said IP address assignment request 

5 message and said MAC address included in the header of said 

6 IP address assignment request message. 

1 8. The method of claim 1, further comprising: 

2 operating the edge router to transmit MAC address 

3 information obtained by accessing a forwarding table 

4 included in said edge router in response to a request for 
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5 MAC address information corresponding to an IP address 

6 assignment request. 

1 9. The method of claim 8, wherein the method further 

2 comprises: 

3 operating said server to deny said IP address 

4 assignment request when said MAC 1 address information 

5 obtained by accessing said forwarding table indicates a 

6 discrepancy between a MAC address included in the IP 

7 address assignment request and MAC address information 

8 included in said forwarding table. 

1 10. The method of claim 9, wherein said MAC address 

2 information obtained by accessing said forwarding table 

3 indicates that the MAC address is not included in the edge 

4 router forwarding table. 

1 11. A communication system comprising: 

2 an edge router including: 

3 means for generating, in a forwarding table, a 

4 MAC address forwarding table entry from a MAC address 

5 included in a headers of a frame received by said edge 

6 router; 

7 means for monitoring a commutations session 

8 between a device on a network which uses MAC addresses with 

9 a server responsible for assigning IP addresses to detect 

10 assignment of an IP address corresponding to a MAC address 

11 provided in a data portion of a message from said device; 

12 and 

13 means for creating an entry in an address 

14 resolution table associating an assigned IP address with 



said MAC address provided in the data portion of said 
message upon detecting assignment of an IP address 
corresponding to a MAC address provided in a data portion 
of said message. 

12. The communication system of claim 11, wherein support 
for Address Resolution Protocol is disabled in said edge 
router . 

13. The communication system of claim 12, wherein said 
edge router further includes : 

means for discarding IP packets corresponding to IP 
addresses for which a MAC address included in said address 
resolution table does not have a corresponding MAC address 
entry in said MAC address forwarding table. 

14. The communications system of claim 13, wherein said 
edge router further comprises: 

an address resolution table including IP address aging 
information obtained from monitoring information associated 
with said IP address assignment. 

15. The communications system of claim 14, wherein said 
edge router further includes : 

means for monitoring for IP address release messages 
transmitted from said network to the server responsible for 
assigning IP addresses; and 

means for deleting, in response to detecting an IP 
address release message, an entry in said address 
forwarding table corresponding to an IP addresses included 
in said detected IP address release message. 
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1 16. The communications system of claim 15, wherein said 

2 edge router further comprises: 

3 means for comparing a MAC address included in the data 

4 portion of an IP address assignment request message to a 

5 MAC address included in the header of said IP address 

6 assignment request message. 

1 17. The communications system of claim 16, wherein said 

2 edge router further comprises: 

3 means for generating a security alert signal in 

4 response to detecting a mismatch between the MAC address 

5 included in the data portion of said IP address assignment 

6 . request message and said MAC address included in the header 

7 of said IP address assignment request message. 

1 18. The communications system of claim 17, further 

2 comprising: 

3 means for transmitting MAC address information 

4 obtained by accessing a forwarding table included in said 

5 edge router to said server in response to a request for MAC 

6 address information corresponding to an IP address 

7 assignment request . 

1 19. The communications system of claim 18, wherein said 

2 MAC address information indicates whether or not a MAC 

3 address included in said IP address assignment request is 

4 present in a layer 2 forwarding table included in said edge 

5 router. 
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20. A machine -readable medium, comprising a set of 
machine -readable instructions for controlling a machine to 
perform the steps of: 

generating, in a forwarding table, a MAC address 
forwarding table entry from a MAC address included in a 
headers of a frame received by said edge router; 

monitoring a commutations session between a device on 
a network which uses MAC addresses with a server 
responsible for assigning IP addresses to detect assignment 
of an IP address corresponding to a MAC address provided in 
a data portion of a message from said device; and 

upon detecting assignment of an IP address 
corresponding to a MAC address provided in a data portion 
of said message, creating an entry in an address resolution 
table associating an assigned IP address with said MAC 
address provided in the data portion of said message. 



